package com.windliven.spoc.modules.init.config.shiro;

import com.windliven.spoc.modules.init.service.UserService;
import org.apache.shiro.authc.Authenticator;
import org.apache.shiro.authc.pam.FirstSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.mgt.SessionStorageEvaluator;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
import org.apache.shiro.web.mgt.DefaultWebSessionStorageEvaluator;
import org.springframework.boot.SpringBootConfiguration;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;

import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import java.util.Arrays;
import java.util.Map;

/**
 * @Author: bysun
 * @Date: 2019/5/26 9:51
 */
@SpringBootConfiguration
public class ShiroConfig {

//    @Bean
//    public FilterRegistrationBean<Filter> filterRegistrationBean(SecurityManager securityManager, UserService userService) throws Exception {
//        FilterRegistrationBean<Filter> filterRegistration = new FilterRegistrationBean<Filter>();
//        filterRegistration.setFilter((Filter) shiroFilter(securityManager, userService).getObject());
//        filterRegistration.addInitParameter("targetFilterLifecycle", "true");
//        filterRegistration.setAsyncSupported(true);
//        filterRegistration.setEnabled(true);
//        filterRegistration.setDispatcherTypes(DispatcherType.REQUEST);
//        return filterRegistration;
//    }
//
//    @Bean
//    public Authenticator authenticator(UserService userService) {
//        ModularRealmAuthenticator authenticator = new ModularRealmAuthenticator();
//        //设置两个Realm，一个用于用户登录验证和访问权限获取；一个用于jwt token的认证
//        authenticator.setRealms(Arrays.asList(jwtShiroRealm(userService), dbShiroRealm(userService)));
//        //设置多个realm认证策略，一个成功即跳过其它的
//        authenticator.setAuthenticationStrategy(new FirstSuccessfulStrategy());
//        return authenticator;
//    }
//
//    @Bean
//    protected SessionStorageEvaluator sessionStorageEvaluator() {
//        DefaultWebSessionStorageEvaluator sessionStorageEvaluator = new DefaultWebSessionStorageEvaluator();
//        sessionStorageEvaluator.setSessionStorageEnabled(false);
//        return sessionStorageEvaluator;
//    }
//
//    @Bean("dbRealm")
//    public Realm dbShiroRealm(UserService userService) {
//        DbShiroRealm myShiroRealm = new DbShiroRealm(userService);
//        return myShiroRealm;
//    }
//
//    @Bean("jwtRealm")
//    public Realm jwtShiroRealm(UserService userService) {
//        JWTShiroRealm myShiroRealm = new JWTShiroRealm(userService);
//        return myShiroRealm;
//    }
//
//    @Bean("shiroFilter")
//    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager, UserService userService) {
//        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
//        factoryBean.setSecurityManager(securityManager);
//        Map<String, Filter> filterMap = factoryBean.getFilters();
//        filterMap.put("authcToken", createAuthFilter(userService));
//        filterMap.put("anyRole", createRolesFilter());
//        factoryBean.setFilters(filterMap);
//        factoryBean.setFilterChainDefinitionMap(shiroFilterChainDefinition().getFilterChainMap());
//        return factoryBean;
//    }
//
//    @Bean
//    protected ShiroFilterChainDefinition shiroFilterChainDefinition() {
//        DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
//        chainDefinition.addPathDefinition("/login", "noSessionCreation,anon"); //login不做认证，noSessionCreation的作用是用户在操作session时会抛异常
//        chainDefinition.addPathDefinition("/logout", "noSessionCreation,authcToken[permissive]"); //做用户认证，permissive参数的作用是当token无效时也允许请求访问，不会返回鉴权未通过的错误
//        chainDefinition.addPathDefinition("/image/", "anon");
//        chainDefinition.addPathDefinition("/admin/", "noSessionCreation,authcToken,anyRole[admin,manager]"); //只允许admin或manager角色的用户访问
//        chainDefinition.addPathDefinition("/article/list", "noSessionCreation,authcToken");
//        chainDefinition.addPathDefinition("/article/*", "noSessionCreation,authcToken[permissive]");
//        chainDefinition.addPathDefinition("/**", "noSessionCreation,authcToken"); // 默认进行用户鉴权
//        return chainDefinition;
//    }
//
//    protected JwtAuthFilter createAuthFilter(UserService userService) {
//        return new JwtAuthFilter(userService);
//    }
//
//    protected AnyRolesAuthorizationFilter createRolesFilter() {
//        return new AnyRolesAuthorizationFilter();
//    }


}
